Apple updates Safari ahead of CanSecWest browser hacking contest

Friday, March 12, 2010 · 9:29 am · 17 Comments

“Two weeks before a browser hacking contest is to kick off in Vancouver, British Columbia, Apple yesterday patched 16 vulnerabilities in Safari, 12 of them critical bugs that could be used to hijack a machine,” Gregg Keizer reports for Computerworld.

“Apple updated Safari for both Mac OS X and Windows to version 4.0.5, hardening the browser before it’s tossed into the ring with Microsoft’s Internet Explorer, Mozilla’s Firefox and Google’s Chrome at this year’s Pwn2Own hacking challenge,” Keizer reports. “The contest organizer has predicted that Safari would be the first to fall when researchers battle for $40,000 in prize money beginning March 24 at the CanSecWest security conference.”

“Nine of the 16 flaws patched Thursday were in the open-source WebKit browser engine that forms the foundation of Safari; six affected only the Windows version, which runs on XP, Vista and Windows 7,” Keizer reports. “Of the half-dozen Windows-only vulnerabilities, four were in the Image IO component, and could be triggered by specially-crafted TIFF or BMG image files when rendered by Safari.”

Keizer reports, “The WebKit fixes may be timely. Last month, Aaron Portnoy, security research team lead with 3Com TippingPoint, the sponsor of Pwn2Own, bet that Safari would crumble at the contest in part because it’s built ‘on the notoriously buggy WebKit.’”

Full article here.

[Thanks to MacDailyNews Reader "Robert S." for the heads up.]

Categories: All Sites, News

17 Comments

Ubermac

Friday, March 12, 2010 - 10:35 am · Reply

They should have done it 2 days before… would love to see some of them smug hackers sweatin.

Sarasota

Friday, March 12, 2010 - 10:38 am · Reply

Do they test betas, too, or just release versions?

NCG598

Friday, March 12, 2010 - 10:48 am · Reply

They Still have time to release a spoiler update. Just in time to make those hackers show the pucker factor.

Though it would be fun to release it a few days before.

wandering joe's other mac

Friday, March 12, 2010 - 10:49 am · Reply

Good to see Apple’s being kept on their toes. Nothing like complacency to let the others get the lead.

Steve516

Friday, March 12, 2010 - 11:07 am · Reply

notoriously buggy? sorry buddy – you must work for Adobe…

Mark

Friday, March 12, 2010 - 11:09 am · Reply

Nothing like the media equating the speed the hack runs (“hacked first”) with the amount of effort needed to develop the hack before the contest starts (weeks or months).

Jersey_Trader

Friday, March 12, 2010 - 11:22 am · Reply

What ever you work on first is often what you finish first. Many people leave the real easy stuff for last! When they teach these turds to hack, don’t they start with Windows because it has all the traditional BIG ASS HOLES in it’s software?

JAYGEE

Friday, March 12, 2010 - 12:22 pm · Reply

I agree that they should have waited a few days before to release the update.

Original Jake

Friday, March 12, 2010 - 12:27 pm · Reply

The is hilarious–LOL!
Two weeks is also far enough in advance that Apple can claim the hackers contest had nothing to do with the timing of the update, annoyng the hackers even more!

Synthmeister

Friday, March 12, 2010 - 12:31 pm · Reply

I agree that these hacking contests are not what they seem to be, but I’m also glad the same contests are very likely pushing Apple a little faster on the updates.

And more power to Apple for exploiting the contest just like everyone else does.

II_ROBOCOP_II

Friday, March 12, 2010 - 12:34 pm · Reply

Wow, this is going to be a good thing for all computer users in the end. Just think about those Windows users, when it was found out that IE6 had so much holes in it. People are grouping hackers and crackers together which isn’t cool. Hackers are the guys that may show you how to tether or jailbreak an iPhone. Crackers are guys who are trying to steal your personal information. Get your knowledge up, and be happy that we don’t have to worry about hardly anything on a Mac.